Misbinding Attacks on Secure Device Pairing and Bootstrapping

Sethi, Mohit; Peltonen, Aleksi; Aura, Tuomas

doi:10.1145/3321705.3329813

Cited by 18 publications

(19 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As noted by Sethi et al [34], all device pairing and bootstrapping protocols are vulnerable to misbinding attacks. These attacks require that the device being configured by the user has already been compromised.…”

Section: Discussion and Future Workmentioning

confidence: 99%

“…Experimental implementations have been developed to examine the protocol [25,41]. Furthermore, the EAP-NOOB protocol has been modeled with mCRL2 11 formal modeling language [30] to simulate protocol behavior and with ProVerif 12 tool for verifying its security characteristics [34].…”

Section: Eap-noobmentioning

confidence: 99%

“…These types of attacks are targeted attacks and they require physical access to the peer device before the bootstrapping begins. As stated by Sethi et al [34], most device-pairing protocols, where authentication is established by physical access are vulnerable to misbinding. The paper suggests a trusted path as one mitigation mechanism.…”

Section: Securitymentioning

confidence: 99%

“…+ QR codes are easy to use by simply focusing the camera towards the code. However, various studies have shown the scanning of QR codes to be a difficult task for users who are not familiar with them [34,35]. − The QR code standard does not support multiple URLs and, therefore, displaying multiple URLs requires a separate QR code for each URL.…”

Section: Qr Codementioning

confidence: 99%

See 3 more Smart Citations

Evaluation of Out-of-Band Channels for IoT Security

2019

Self Cite

View full text Add to dashboard Cite

Secure bootstrapping is the process by which a device gets the necessary configuration information and security credentials to become operational. In many pervasive computing and Internet-of-Things scenarios, it is often not possible to rely on the existence of a trusted third party or other network infrastructure for bootstrapping. Therefore, several device bootstrapping protocols rely on an out-of-band (OOB) channel for initial device authentication and configuration. We begin this paper by understanding the need for OOB channels and performing a literature survey of existing standards and devices that rely on OOB channels. We then look at one candidate bootstrapping protocol: Nimble out-of-band authentication for EAP (EAP-NOOB). We provide a brief overview of the EAP-NOOB protocol and describe its unique OOB channel requirements. Thereafter, we implement three OOB channels for EAP-NOOB using near-field communication, quick response codes, and sound. Using our implementation, we evaluate the usability, security, benefits, and limitations of each of the OOB channels.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

Section: Eap-noobmentioning

confidence: 99%

Section: Securitymentioning

confidence: 99%

Section: Qr Codementioning

confidence: 99%

See 2 more Smart Citations

Evaluation of Out-of-Band Channels for IoT Security

2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…Therefore, these verification results are difficult to interpret. Furthermore, the security analysis using the protocol verification tools has not been discussed even though multiple research works [25][26][27] have adopted these formal methods to evaluate the security of their proposals based on a predefined set of authentication properties. Also, we have noticed that numerous SDP schemes are based on a threat model, inspired from the Dolev-Yao intruder capabilities [6].…”

Section: Introductionmentioning

confidence: 99%

Security Analysis of Out‐of‐Band Device Pairing Protocols: A Survey

Khalfaoui

Leneutre

Villard

et al. 2021

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

Numerous secure device pairing (SDP) protocols have been proposed to establish a secure communication between unidentified IoT devices that have no preshared security parameters due to the scalability requirements imposed by the ubiquitous nature of the IoT devices. In order to provide the most user-friendly IoT services, the usability assessment has become the main requirement. Thus, the complete security analysis has been replaced by a sketch of a proof to partially validate the robustness of the proposal. The few existing formal or computational security verifications on the SDP schemes have been conducted based on the assessment of a wide variety of uniquely defined security properties. Therefore, the security comparison between these protocols is not feasible and there is a lack of a unified security analysis framework to assess these pairing techniques. In this paper, we survey a selection of secure device pairing proposals that have been formally or computationally verified. We present a systematic description of the protocol assumptions, the adopted verification model, and an assessment of the verification results. In addition, we normalize the used taxonomy in order to enhance the understanding of these security validations. Furthermore, we refine the adversary capabilities on the out-of-band channel by redefining the replay capability and by introducing a new notion of delay that is dependent on the protocol structure that is more adequate for the ad hoc pairing context. Also, we propose a classification of a number of out-of-band channels based on their security properties and under our refined adversary model. Our work motivates the future SDP protocol designer to conduct a formal or a computational security assessment to allow the comparability between these pairing techniques. Furthermore, it provides a realistic abstraction of the adversary capabilities on the out-of-band channel which improves the modeling of their security characteristics in the protocol verification tools.

show abstract